2017 International Crypto Module Conference & FDE cPPs

From May 17th to 19th, I had the pleasure of attending the Fifth International Cryptographic Module Conference (ICMC 2017) with my colleague, Alexander Mazuruc. Alex usually attends this conference, which focuses on cryptographic modules and FIPS 140-type issues, but this year there were 8 tracks on related subjects such as quantum-safe crypto (yes, that is a thing) and Common Criteria. The conference had about 35 different sponsors, including the Trusted Computing Group. Overall, I found the conference very informative and a good place to network in the community.

The reason I attended this year was to give a presentation on the development of the Common Criteria collaborative protection profiles (cPP) for Full Drive Encryption (FDE). Common Criteria is an international standard for computer security, and is much more widely recognized than FIPS. Also, it applies to whole products or systems, not just the cryptographic module. Historically, the major drawback of Common Criteria is the “Security Target – EAL (Evaluation Assurance Level)” method with which it was applied. FDE product vendors would write a Security Target document describing the security functionality of the product, and then submit it to a lab to have its implementation verified to a certain level of assurance (EAL). EAL could range from 1 to 7, with 7 providing the most assurance. The problem with this approach is that since every FDE product’s security target would be different, it was hard for customers to compare them. Also, the EAL could vary from product to product, and the uniqueness of each evaluation made assessments time-consuming and very expensive for the vendor.

The old assurance methods just don’t cut it, so a new approach was needed. To that end, International Technical Community (iTC) work groups were formed to create collaborative Protection Profiles (cPPs) for FDE. The idea is that experts in Common Criteria and subject matter experts from the labs, academia, industry and governments would work together to create protection profiles. The cPP defines the security requirements that a product must meet, and the accompanying documentation describes the evaluation activities a lab must perform to verify that these functions exist and are operating properly. There is no EAL level with cPPs, and unlike the Security Target method, no missing security features.

The two base cPPs for FDE were last updated in Sept of 2016:

- cPP EE – Encryption Engine
- cPP AA – Authorization Acquisition

And now, the latest cPP, EM for “Enterprise Management”, was just out for public comment until May 26th.

cPP EM describes the requirements for managing, from a server, an endpoint consisting of an AA and an EE. Paraphrasing from the cPP, the purpose of the Enterprise Management (EM) cPP is to provide security-critical requirements for Enterprise Management software that is used to manage systems in an enterprise that contains FDE solutions. Such software is used to provision and administer such solutions and maintain backup means of authorizing the systems, should a primary authorization be lost or forgotten.

This addition to the FDE cPP – Authorization Acquisition addresses the following scenarios over and above what was addressed in the first release of the cPP:

- Managing the encryption keys and encryption policy from a Management Server
- Providing for multi-user access to an endpoint protected by a compliant FDE solution
- Providing for remote authentication of the user
- Providing for user recovery scenarios when a user’s credential is lost or forgotten (i.e., Challenge/Response, Recovery PIN)
- Cryptographic wiping

It also specifies that the security-related data that traverses the network from a centralized management server to one or more AA instances needs to be protected with SSH, TLS, IPsec, HTTPS, etc.

In short, cPP EM completes the set of FDE cPPs, making it possible to manage an entire network of full drive encrypted devices with centralized enterprise management, and obtain government-backed third-party assurance that the security features are present and implemented according to the standard.

A PDF of my presentation on the “Development of cPPs for Full Disk Encryption” can be found here.


Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic. Garry McCracken
